W3C home > Mailing lists > Public > www-ws-arch@w3.org > March 2002

RE: Security?

From: David Orchard <david.orchard@bea.com>
Date: Fri, 8 Mar 2002 10:35:02 -0800
To: "'Ahmed, Zahid'" <zahid.ahmed@commerceone.com>, "'Munter, Joel D'" <joel.d.munter@intel.com>, "'W3C WS Architecture'" <www-ws-arch@w3.org>
Message-ID: <000b01c1c701$11344ee0$461ce8d8@beasys.com>
To further this point, WSA does not invent any new technologies.  We
certainly can talk about security requirements.  But we identify gaps and
then propose other WGs in the WSA to define the technical solution.  I think
most of us want re-use where appropriate as this meets at least one person's
favorite goal, time to market.

Cheers,
Dave


> -----Original Message-----
> From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
> Behalf Of Ahmed, Zahid
> Sent: Thursday, March 07, 2002 5:31 PM
> To: 'Munter, Joel D'; 'W3C WS Architecture'
> Subject: RE: Security?
>
>
>
> I think Web Service Security Interoperbility w.r.t. how
> SOAP messages can support confidentiality, integrity,
> authentication data, and authorization data is part
> of the scope of this WG.
>
> However, we do not necessarily need to invent new security
> protocols, but rather have agreements of how to express such
> security features carried in SOAP messages in a standardized
> headers.
>
>
> ----Zahid
>
>
>
>
> > As a friendly amendment, while it is certainly within the
> scope [1] of
> > the WS-Arch WG to consider security and licensing, it
> doesn't seem to be
> > within its scope to actually define such mechanisms.
> >
>
> -----Original Message-----
> From: Munter, Joel D [mailto:joel.d.munter@intel.com]
> Sent: Tuesday, March 05, 2002 10:20 AM
> To: 'W3C WS Architecture'
> Subject: FW: Security?
>
>
>
> This was posted on the W3C Web Services (general discussion)
> list.  As it
> appears relevant to our requirements discussion, I took the
> initiative to
> cross-post it.  My apologies to anyone if I have caused you
> to see this
> again.  Comments?
> Joel
>
> -----Original Message-----
> From: Michele Costabile [mailto:mico@zucchetti.com]
> Sent: Tuesday, March 05, 2002 8:34 AM
> To: www-ws@w3.org
> Subject: RE: Security?
>
>
> I think I need a clarification.
> Most security schemes I have seen lately (an ten are invented
> every hour)
> use SOAP headers in some way and some level of cryptography.
> All of the SOAP services that will be offered for a fee will have some
> schema of licensing, i.e. will tweak SOAP headers.
> SOAP headers are not described in WSDL.
> I think we need at least a way to express
> i) which headers should be there
> ii) the two or three more commmon semantics of headers, like
> someHeader1 is
> a kerberos ticket while header thatHeader is a user login
> iii) an extension mechanism for everything else.
>
> If WS-Arch steers too clear of defining mechanisms we will
> lose the ability
> of dynamic configuration for all the web services not offered
> for free.
>
>
> > -----Original Message-----
> > From: Henrik Frystyk Nielsen [mailto:henrikn@microsoft.com]
> > Sent: venerdi 15 febbraio 2002 18.23
> > To: Anne Thomas Manes; Michele Costabile; www-ws@w3.org
> > Subject: RE: Security?
> >
> >
> >
> > As a friendly amendment, while it is certainly within the
> scope [1] of
> > the WS-Arch WG to consider security and licensing, it
> doesn't seem to be
> > within its scope to actually define such mechanisms.
> >
> > Henrik
> >
> > [1] http://www.w3.org/2002/01/ws-arch-charter
> >
> > >No formal activity is underway at this time to standardize WS
> > >Security protocols. We just recently formed the Web Services
> > >Architecture Working Group, and one of the goals of this group
> > >is to address security. See
http://www.w3.org/2002/01/ws-arch-charter
> >
> >Best regards,
> >
> >Anne Thomas Manes
> >CTO, Systinet
> >www.systinet.com
> >
> >> -----Original Message-----
> >> From: www-ws-request@w3.org [mailto:www-ws-request@w3.org]On
> >Behalf Of
> >> Michele Costabile
> >> Sent: Friday, February 15, 2002 11:37 AM
> >> To: www-ws@w3.org
> >> Subject: Security?
> >>
> >>
> >> There are a lot of emergin models for applying security to web
> >> services, e.g. using SOAP header to transport Kerberos tickets or
> >> licence data. Is W3C working on a common specification for security
> >> and licensing in WS?
>
Received on Friday, 8 March 2002 19:27:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:56 GMT